Caddy server setup...


bdil...@peachbush.com

Jul 28, 2016, 11:36:25 PM
to Camlistore
I've seen a reference to getting Caddy (caddyserver.com) as a proxy for Camlistore...

Anybody have a Caddyfile (and server config) that they would share?

It seems straightforward, but I can't get the certificates right.

I have the server config pointing to the same cert files as caddy, but I get:

2016/07/28 23:12:24 http: TLS handshake error from [::1]:39144: remote error: bad certificate

This is what I have now:

server-config.json

{
    "auth": "userpass:xxxxx:xxxxx:+localhost",
    "listen": ":3179",
    "baseURL": "https://camlistore.xxxxxxx.com",
    "identity": "AA091CD8",
    "identitySecretRing": "/home/bdillahu/.config/camlistore/identity-secring.gpg",
    "blobPath": "/home/bdillahu/var/camlistore/blobs",
    "packRelated": true,
    "levelDB": "/home/bdillahu/var/camlistore/index.leveldb",
    "dbNames": null,
    "https": true,
    "httpsCert": "/etc/ssl/caddy/.caddy/acme/acme-v01.api.letsencrypt.org/sites/camlistore.xxxxxxx.com/camlistore.xxxxxxx.com.crt",
    "httpsKey": "/etc/ssl/caddy/.caddy/acme/acme-v01.api.letsencrypt.org/sites/camlistore.xxxxxxx.com/camlistore.xxxxxxx.com.key"
}


Caddyfile:

camlistore.xxxxxxx.com {
        gzip
        log /var/log/caddy/camlistore_access.log
        errors /var/log/caddy/camlistore_error.log
        proxy / https://localhost:3179/ {
                transparent
        }
        basicauth / xxxxx xxxxxxx
}

bdil...@peachbush.com

Jul 29, 2016, 10:04:06 PM
to Camlistore
Well, I have it "working", but I'm not sure it's right :-)

3 items of note:

1) (and this I don't believe I should have to do, but...)

Add:

insecure_skip_verify 

to the proxy

2) There is currently a bug in the "transparent" preset for Caddy - this is fixed in the current code, but in the last 0.9 release it doesn't work - see below for the manual fix

3) I don't need to auth in Caddy, since Camlistore will do it

That leaves me with:

camlistore.xxxxxxx.com {
        gzip
        log /var/log/caddy/camlistore_access.log
        errors /var/log/caddy/camlistore_error.log
        proxy / https://localhost:3179/ {
                insecure_skip_verify
                header_upstream Host {host}
                header_upstream X-Real-IP {remote}
                header_upstream X-Forwarded-For {remote}
                header_upstream X-Forwarded-Proto {scheme}
#                transparent
        }
}